Added logic to chek for changes in org variable in msg object

.nyc_output/21ff85fc-0160-4e04-add9-56937f86f6f5.json

@@ -0,0 +1 @@
+{"/Users/steve/Documents/GitHub/node-red/nodes/StopTheBleed.js":{"path":"/Users/steve/Documents/GitHub/node-red/nodes/StopTheBleed.js","statementMap":{"0":{"start":{"line":1,"column":14},"end":{"line":1,"column":30}},"1":{"start":{"line":3,"column":25},"end":{"line":8,"column":1}},"2":{"start":{"line":10,"column":0},"end":{"line":52,"column":2}},"3":{"start":{"line":12,"column":19},"end":{"line":12,"column":33}},"4":{"start":{"line":20,"column":8},"end":{"line":20,"column":14}},"5":{"start":{"line":21,"column":4},"end":{"line":21,"column":25}},"6":{"start":{"line":22,"column":4},"end":{"line":22,"column":25}},"7":{"start":{"line":23,"column":4},"end":{"line":23,"column":19}},"8":{"start":{"line":24,"column":4},"end":{"line":24,"column":41}},"9":{"start":{"line":25,"column":4},"end":{"line":25,"column":37}},"10":{"start":{"line":26,"column":4},"end":{"line":26,"column":25}},"11":{"start":{"line":30,"column":4},"end":{"line":50,"column":5}},"12":{"start":{"line":31,"column":6},"end":{"line":46,"column":9}},"13":{"start":{"line":32,"column":25},"end":{"line":32,"column":102}},"14":{"start":{"line":32,"column":37},"end":{"line":32,"column":102}},"15":{"start":{"line":32,"column":74},"end":{"line":32,"column":93}},"16":{"start":{"line":33,"column":8},"end":{"line":45,"column":9}},"17":{"start":{"line":34,"column":26},"end":{"line":36,"column":11}},"18":{"start":{"line":37,"column":10},"end":{"line":37,"column":45}},"19":{"start":{"line":38,"column":10},"end":{"line":44,"column":13}},"20":{"start":{"line":48,"column":6},"end":{"line":48,"column":67}},"21":{"start":{"line":49,"column":6},"end":{"line":49,"column":21}}},"fnMap":{"0":{"name":"(anonymous_0)","decl":{"start":{"line":11,"column":2},"end":{"line":11,"column":3}},"loc":{"start":{"line":11,"column":23},"end":{"line":27,"column":3}},"line":11},"1":{"name":"(anonymous_1)","decl":{"start":{"line":29,"column":2},"end":{"line":29,"column":3}},"loc":{"start":{"line":29,"column":16},"end":{"line":51,"column":3}},"line":29},"2":{"name":"(anonymous_2)","decl":{"start":{"line":31,"column":31},"end":{"line":31,"column":32}},"loc":{"start":{"line":31,"column":45},"end":{"line":46,"column":7}},"line":31},"3":{"name":"(anonymous_3)","decl":{"start":{"line":32,"column":25},"end":{"line":32,"column":26}},"loc":{"start":{"line":32,"column":37},"end":{"line":32,"column":102}},"line":32},"4":{"name":"(anonymous_4)","decl":{"start":{"line":32,"column":64},"end":{"line":32,"column":65}},"loc":{"start":{"line":32,"column":74},"end":{"line":32,"column":93}},"line":32}},"branchMap":{"0":{"loc":{"start":{"line":32,"column":74},"end":{"line":32,"column":93}},"type":"binary-expr","locations":[{"start":{"line":32,"column":75},"end":{"line":32,"column":76}},{"start":{"line":32,"column":80},"end":{"line":32,"column":84}},{"start":{"line":32,"column":89},"end":{"line":32,"column":93}}],"line":32},"1":{"loc":{"start":{"line":33,"column":8},"end":{"line":45,"column":9}},"type":"if","locations":[{"start":{"line":33,"column":8},"end":{"line":45,"column":9}},{"start":{"line":33,"column":8},"end":{"line":45,"column":9}}],"line":33}},"s":{"0":1,"1":1,"2":1,"3":4,"4":4,"5":4,"6":4,"7":4,"8":4,"9":4,"10":4,"11":4,"12":4,"13":13,"14":44,"15":152,"16":13,"17":9,"18":9,"19":8,"20":1,"21":1},"f":{"0":4,"1":4,"2":13,"3":44,"4":152},"b":{"0":[152,152,8],"1":[9,4]},"_coverageSchema":"1a1c01bbd47fc00a2c39e90264f33305004495a9","hash":"d522abb5154b7ae5c9241b429319f1afece49f0a","contentHash":"ce488e6cc7b4741e328f5029f21a44fdb66498c3ce733af716a46122e4865d62"}}

.nyc_output/60724442-7f2d-4d3c-96e1-90692e323b95.json

@@ -0,0 +1 @@
+{}

.nyc_output/processinfo/21ff85fc-0160-4e04-add9-56937f86f6f5.json

@@ -0,0 +1 @@
+{"parent":"60724442-7f2d-4d3c-96e1-90692e323b95","pid":49816,"argv":["/Users/steve/.nvm/versions/node/v8.17.0/bin/node","/Users/steve/Documents/GitHub/node-red/node_modules/mocha/bin/_mocha","--recursive","test/unit/fixtures","test/unit/test-stopTheBleed.js"],"execArgv":[],"cwd":"/Users/steve/Documents/GitHub/node-red","time":1625668556386,"ppid":49815,"coverageFilename":"/Users/steve/Documents/GitHub/node-red/.nyc_output/21ff85fc-0160-4e04-add9-56937f86f6f5.json","externalId":"","uuid":"21ff85fc-0160-4e04-add9-56937f86f6f5","files":["/Users/steve/Documents/GitHub/node-red/nodes/StopTheBleed.js"]}

.nyc_output/processinfo/60724442-7f2d-4d3c-96e1-90692e323b95.json

@@ -0,0 +1 @@
+{"parent":null,"pid":49815,"argv":["/Users/steve/.nvm/versions/node/v8.17.0/bin/node","/Users/steve/Documents/GitHub/node-red/node_modules/.bin/mocha","--recursive","test/unit/fixtures","test/unit/test-stopTheBleed.js"],"execArgv":[],"cwd":"/Users/steve/Documents/GitHub/node-red","time":1625668556024,"ppid":49814,"coverageFilename":"/Users/steve/Documents/GitHub/node-red/.nyc_output/60724442-7f2d-4d3c-96e1-90692e323b95.json","externalId":"","uuid":"60724442-7f2d-4d3c-96e1-90692e323b95","files":[]}

.nyc_output/processinfo/index.json

@@ -0,0 +1 @@
+{"processes":{"21ff85fc-0160-4e04-add9-56937f86f6f5":{"parent":"60724442-7f2d-4d3c-96e1-90692e323b95","children":[]},"60724442-7f2d-4d3c-96e1-90692e323b95":{"parent":null,"children":["21ff85fc-0160-4e04-add9-56937f86f6f5"]}},"files":{"/Users/steve/Documents/GitHub/node-red/nodes/StopTheBleed.js":["21ff85fc-0160-4e04-add9-56937f86f6f5"]},"externalIds":{}}

Gruntfile.js

@@ -53,7 +53,8 @@ module.exports = function(grunt) {
                 ignoreLeaks: false,
                 ui: 'bdd',
                 reportFormats: ['lcov','html'],
-                print: 'both'
+                print: 'both',
+                force: true
             },
             all: { src: ["test/_spec.js","test/red/**/*_spec.js","test/nodes/**/*_spec.js"] },
             core: { src: ["test/_spec.js","test/red/**/*_spec.js"]},

nodes/StopTheBleed.js

@@ -0,0 +1,52 @@
+const clone = require('clone');
+
+const variablesToCheck = [
+  'logger.metadata.organization',
+  'payload.system.organization',
+  'event.event.organization',
+  'event.event.token.contents.organization'
+];
+
+module.exports = class StopTheBleed {
+  constructor(_before) {
+    const before = clone(_before);
+    const {
+      logger, 
+      payload: {
+        system: {
+          bot, conversationId, organization, region
+        }
+      }
+    } = before;
+    this.before = before;
+    this.logger = logger;
+    this.bot = bot;
+    this.conversationId = conversationId;
+    this.organization = organization;
+    this.region = region;
+  }
+
+  verify(after) {
+    try {
+      variablesToCheck.forEach((location) => {
+        const getValue = (object) => location.split('.').reduce((p, c) => (p && p[c]) || null, object);
+        if (getValue(this.before) !== getValue(after)) {
+          const details = {
+            message: `msg.${location} changed from "${getValue(this.before)}" to "${getValue(after)}" for bot "${this.bot}"`
+          };
+          this.logger.error(details.message);
+          this.logger.app.platform.organization({
+            srn: `srn:botnet:${this.region}:${this.organization}:bot:${this.bot}`,
+            action: 'exception',
+            actionType: 'invalid-payload-modification',
+            details,
+            conversationId: this.conversationId
+          });
+        }
+      });
+    } catch (e) {
+      console.log('Error while trying to verify variable changes');
+      console.log(e);
+    }
+  }
+};

nodes/core/core/80-function.js

@@ -14,6 +14,8 @@
  * limitations under the License.
  **/
 
+const StopTheBleed = require('../../StopTheBleed')
+
 module.exports = function(RED) {
     "use strict";
     var util = require("util");
@@ -207,10 +209,13 @@ module.exports = function(RED) {
         try {
             this.on("input", function(msg) {
                 try {
+                    const stopTheBleed = new StopTheBleed(msg)
                     var start = process.hrtime();
                     sandbox.msg = msg;
                     const vm2Instance = new vm2.VM({ sandbox, timeout: 5000 });
                     const result = vm2Instance.run(functionText);
+                    console.log('before the bleed check')
+                    stopTheBleed.verify(result)
                     sendResults(this,msg._msgid, result);
 
                     var duration = process.hrtime(start);

nodes/core/logic/15-change.js

@@ -13,6 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  **/
+const StopTheBleed = require('../../StopTheBleed')
 
 module.exports = function(RED) {
     "use strict";
@@ -228,6 +229,7 @@ module.exports = function(RED) {
         }
         if (valid) {
             this.on('input', function(msg) {
+                const stopTheBleed = new StopTheBleed(msg)
                 for (var i=0; i<this.rules.length; i++) {
                     if (this.rules[i].t === "move") {
                         var r = this.rules[i];
@@ -248,6 +250,7 @@ module.exports = function(RED) {
                         return;
                     }
                 }
+                stopTheBleed.verify(msg)
                 node.send(msg);
             });
         }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@servisbot/node-red",
-  "version": "0.18.7-patch-7",
+  "version": "0.18.7-patch-8",
   "description": "A visual tool for wiring the Internet of Things",
   "homepage": "http://nodered.org",
   "license": "Apache-2.0",
@@ -12,7 +12,8 @@
   "scripts": {
     "start": "node red.js",
     "test": "grunt test-nodes",
-    "build": "grunt build"
+    "build": "grunt build",
+    "test:unit": "nyc node_modules/.bin/mocha --recursive test/unit/*"
   },
   "bin": {
     "node-red": "./red.js",
@@ -37,7 +38,7 @@
     "bcryptjs": "2.4.3",
     "body-parser": "1.18.3",
     "cheerio": "0.22.0",
-    "clone": "2.1.1",
+    "clone": "^2.1.1",
     "cookie": "0.3.1",
     "cookie-parser": "1.4.3",
     "cors": "2.8.4",
@@ -102,15 +103,16 @@
     "http-proxy": "^1.16.2",
     "istanbul": "0.4.5",
     "mocha": "^5.1.1",
+    "node-red-node-test-helper": "~0.1.7",
+    "nyc": "^15.1.0",
     "should": "^8.4.0",
-    "sinon": "1.17.7",
+    "sinon": "^1.17.7",
     "stoppable": "^1.0.6",
     "supertest": "3.0.0",
     "wdio-chromedriver-service": "^0.1.1",
     "wdio-mocha-framework": "^0.5.11",
     "wdio-spec-reporter": "^0.1.3",
-    "webdriverio": "^4.9.11",
-    "node-red-node-test-helper": "^0.1.7"
+    "webdriverio": "^4.9.11"
   },
   "engines": {
     "node": ">=4"

test/unit/fixtures/data/orgEvent.js

@@ -0,0 +1,25 @@
+module.exports = (org) => ({
+  logger: {
+    metadata: {
+      organization: org
+    }
+  },
+  payload: {
+    system: {
+      organization: org,
+      region: 'eu-test-1',
+      conversationId: 'convo-id',
+      bot: 'my-bot'
+    },
+  },
+  event: {
+    event: {
+      organization: org,
+      token: {
+        contents: {
+          organization: org
+        }
+      }
+    }
+  }
+});

test/unit/test-stopTheBleed.js

@@ -0,0 +1,74 @@
+const StopTheBleed = require('../../nodes/StopTheBleed')
+const orgEvent = require('./fixtures/data/orgEvent')
+const sinon = require('sinon');
+const assert = require('assert');
+
+describe.only('Unit: StopTheBleed', () => {
+  it('Should not log when no changes', () => {
+    const beforeEvent = orgEvent('before');
+    const stopTheBleed = new StopTheBleed(beforeEvent);
+    stopTheBleed.verify(beforeEvent);
+  });
+
+  it('Should warn when org is overwritten', () => {
+    const beforeEvent = orgEvent('before');
+    errorLogStub = sinon.stub();
+    appLogStub = sinon.stub();
+    beforeEvent.logger.error = errorLogStub;
+    beforeEvent.logger.app = {
+      platform:{
+        organization: appLogStub
+      }
+    };
+
+    const stopTheBleed = new StopTheBleed(beforeEvent);
+
+    const modifiedEvent = orgEvent('after');
+
+    stopTheBleed.verify(modifiedEvent);
+    assert(errorLogStub.callCount === 4)
+    assert(appLogStub.callCount === 4)
+    const [[log1], [log2], [log3], [log4]] = appLogStub.args
+    assert(log1.details.message.includes('logger.metadata.organization'))
+    assert(log2.details.message.includes('payload.system.organization'))
+    assert(log3.details.message.includes('event.event.organization'))
+    assert(log4.details.message.includes('event.event.token.contents.organization'))
+  });
+
+
+  it('Should warn when org is deleted', () => {
+    const beforeEvent = orgEvent('before');
+    errorLogStub = sinon.stub();
+    appLogStub = sinon.stub();
+    beforeEvent.logger.error = errorLogStub;
+    beforeEvent.logger.app = {
+      platform:{
+        organization: appLogStub
+      }
+    };
+
+    const stopTheBleed = new StopTheBleed(beforeEvent);
+
+    delete beforeEvent.logger.metadata.organization;
+    delete beforeEvent.payload.system.organization;
+    delete beforeEvent.event.event.organization;
+    delete beforeEvent.event.event.token.contents.organization;
+    stopTheBleed.verify(beforeEvent);
+    assert(errorLogStub.callCount === 4)
+    assert(appLogStub.callCount === 4)
+    const [[log1], [log2], [log3], [log4]] = appLogStub.args
+    assert(log1.details.message.includes('logger.metadata.organization'))
+    assert(log2.details.message.includes('payload.system.organization'))
+    assert(log3.details.message.includes('event.event.organization'))
+    assert(log4.details.message.includes('event.event.token.contents.organization'))
+  });
+
+  it('Should not die when error', () => {
+    const beforeEvent = orgEvent('before');
+    const stopTheBleed = new StopTheBleed(beforeEvent);
+
+    const modifiedEvent = orgEvent('after');
+
+    stopTheBleed.verify(modifiedEvent);
+  });
+});